Zero Phishing enforcement for HTTPS traffic based on SNI

This feature enhances Zero Phishing capabilities when HTTPS Inspection is disabled. It categorizes HTTPS websites based on the Server Name Indication (SNI) in the TLS handshake to prevent access to phishing websites.

The feature is disabled by default.

You can control the Security Gateway behavior with the kernel parameter zph_sni_enabled:

  • When zph_sni_enabled=1, the feature is enabled. The Zero Phishing Software Blade prevents access to phishing websites based on the Server Name Indication (SNI) in the TLS handshake when HTTPS Inspection is disabled.

You can configure the applicable value for this kernel parameter temporarily (in the current session only - does not survive reboot), or permanently (survives reboot).

Important - In ClusterXL, you must configure all Cluster Members in the same way.

Deployment: Security Gateway, ClusterXL

  • Temporary Configuration - In Gaia Clish or in the Expert mode, run:

    fw ctl set int zph_sni_enabled <VALUE>

  • Permanent Configuration - In Gaia Clish or in the Expert mode, run:

    fw ctl set -f int zph_sni_enabled <VALUE>

Deployment: Security Group in ElasticXL, Security Group in Maestro, Security Group on Scalable Chassis

  • Temporary Configuration - In Gaia Clish, run:

    fw ctl set int zph_sni_enabled <VALUE>

  • Temporary Configuration - In the Expert mode, run:

    g_fw ctl set int zph_sni_enabled <VALUE>

  • Permanent Configuration - In Gaia Clish, run:

    fw ctl set -f int zph_sni_enabled <VALUE>

  • Permanent Configuration - In the Expert mode, run:

    g_update_conf_file $FWDIR/modules/fwkern.conf zph_sni_enabled=<VALUE>

To see the current value of this kernel parameter:

Deployment: Security Gateway, ClusterXL

  • In Gaia Clish, or in the Expert mode, run:

    fw ctl get int zph_sni_enabled

Deployment: Security Group in ElasticXL, Security Group in Maestro, Security Group on Scalable Chassis

  • In Gaia Clish, run:

    fw ctl get int zph_sni_enabled

  • In the Expert mode, run:

    g_fw ctl get int zph_sni_enabled
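
The check below is an added example, not part of the original page or of Check Point's tooling. It compares the running value reported by fw ctl get int with the value persisted in $FWDIR/modules/fwkern.conf, to flag a temporary setting that will be lost at reboot. The function names and state labels are hypothetical, and the "name = value" command output and "name=value" file format are assumptions.

```shell
#!/bin/bash
# Added example (not Check Point code): detect drift between the running and
# the persisted value of zph_sni_enabled on one Security Gateway / member.
# Assumptions: `fw ctl get int` prints "<name> = <value>", and
# $FWDIR/modules/fwkern.conf stores "<name>=<value>" lines (last one wins).
PARAM=zph_sni_enabled

# Print the integer assigned to $PARAM in the text on stdin (empty if none).
# Commented-out lines such as "#zph_sni_enabled=1" are ignored.
param_value() {
    sed -n "s/^[[:space:]]*${PARAM}[[:space:]]*=[[:space:]]*\([0-9][0-9]*\)[[:space:]]*\$/\1/p" | tail -n 1
}

# $1 = running value, $2 = persisted value (empty = not set in fwkern.conf).
# The page states the feature is disabled by default, so empty is treated as 0.
zph_sni_state() {
    run=${1:-unknown}
    conf=${2:-0}
    case "$run:$conf" in
        1:1) echo "enabled-persistent" ;;
        1:0) echo "enabled-temporary" ;;      # enforcement is lost at next reboot
        0:1) echo "enabled-after-reboot" ;;   # file updated, running kernel not yet
        0:0) echo "disabled" ;;
        *)   echo "unknown" ;;                # command output could not be parsed
    esac
}

# $1 = output of `fw ctl get int zph_sni_enabled`, $2 = path to fwkern.conf.
audit_zph_sni() {
    run=$(printf '%s\n' "$1" | param_value)
    conf=""
    [ -r "$2" ] && conf=$(param_value < "$2")
    zph_sni_state "$run" "$conf"
}

# On a gateway (Expert mode), audit the live system; elsewhere do nothing.
if command -v fw >/dev/null 2>&1 && [ -n "$FWDIR" ]; then
    audit_zph_sni "$(fw ctl get int "$PARAM" 2>&1)" "$FWDIR/modules/fwkern.conf"
fi
```

Run it in the Expert mode on each Cluster Member; all members should report the same state.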